Using Cryptographic Hardware

info types if it is a key that resides on the token and is not private.

KI_TOKEN_INFO *priKeyToken = (KI_TOKEN_INFO *)NULL_PTR;
ITEM *pubKeyInfo = (ITEM *)NULL_PTR;

/* Token info for the private key: a manufacturer's ID and a key handle */
if ((status = B_GetKeyInfo ((POINTER *)&priKeyToken, priKey, KI_Token)) != 0)
  break;
/* BER encoding of the RSA public key, the form you hand to other parties */
if ((status = B_GetKeyInfo ((POINTER *)&pubKeyInfo, pubKey, KI_RSAPublicBER)) != 0)
  break;

Now you can send the public key to whomever you want. You can also save the private key's token info. If you later give that token info (which consists of a manufacturer's ID and a key handle) back to Crypto-C, you can use the key on the token again. Incidentally, the key handle is the internalKey field of the KI_TOKEN_INFO; for the PKCS #11 interface, Crypto-C uses the key class, key type and digest of the modulus as the handle. Crypto-C sets the CKA_ID attribute of the token key to the digest of the modulus. See the "Advanced PKCS 11" section for more information.
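As an added example, not code from the Crypto-C manual: a small Python script that parses the RSAPublicKey BER that KI_RSAPublicBER returns and computes the digest of the modulus that Crypto-C sets as the token key's CKA_ID, so an operator can match a saved public key to the object on the token. The digest algorithm (parameterised, defaulting to SHA-1) and the digesting of the raw unsigned modulus bytes are assumptions; the manual only says "digest of the modulus".

```python
import hashlib

def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the TLV at buf[pos]; handles long-form lengths."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def parse_rsa_public_ber(ber):
    """Decode RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }."""
    tag, body, end = _read_tlv(ber, 0)
    if tag != 0x30 or end != len(ber):
        raise ValueError("not a single SEQUENCE")
    tag_n, n_bytes, pos = _read_tlv(body, 0)
    tag_e, e_bytes, pos = _read_tlv(body, pos)
    if tag_n != 0x02 or tag_e != 0x02 or pos != len(body):
        raise ValueError("expected SEQUENCE { INTEGER, INTEGER }")
    return int.from_bytes(n_bytes, "big"), int.from_bytes(e_bytes, "big")

def modulus_digest(ber, digest_name="sha1"):
    """Hex digest of the unsigned big-endian modulus (assumed form of the CKA_ID value)."""
    n, _ = parse_rsa_public_ber(ber)
    n_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")   # no DER sign-padding byte
    return hashlib.new(digest_name, n_bytes).hexdigest()

# Encoder used only to build constructed sample input so the script runs offline.
def _tlv(tag, body):
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")        # minimal long-form length
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def _der_int(v):
    b = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
    if b[0] & 0x80:
        b = b"\x00" + b                                       # keep the INTEGER positive
    return _tlv(0x02, b)

def encode_rsa_public_ber(n, e):
    return _tlv(0x30, _der_int(n) + _der_int(e))

# Constructed sample: a 1024-bit number standing in for a real modulus.
SAMPLE_N = (1 << 1023) | 0x10001
SAMPLE_BER = encode_rsa_public_ber(SAMPLE_N, 65537)

if __name__ == "__main__":
    print("CKA_ID (assumed SHA-1 of modulus):", modulus_digest(SAMPLE_BER))
```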

Now that we have a key pair, we can sign.

if ((status = B_CreateAlgorithmObject (&signer)) != 0) break;
/* MD5 digest signed with RSA (PKCS #1) */
if ((status = B_SetAlgorithmInfo (signer, AI_MD5WithRSAEncryption, NULL_PTR)) != 0) break;
/* priKey is the key on the token; hwChooserSign is the algorithm chooser with the hardware signing method */
if ((status = B_SignInit (signer, priKey, hwChooserSign, NULL_SURR)) != 0) break;
if ((status = B_SignUpdate (signer, dataToSign, dataToSignLen, NULL_SURR)) != 0) break;
if ((status = B_SignFinal (signer, signature, &sigLen, sizeof (signature), NULL_RAND, NULL_SURR)) != 0)
  break;

Chapter 4 Using Crypto-C 141

RSA Security 5.2.2 manual Using Cryptographic Hardware